Blended Threats are the issue now [was Re: Virus Vs. Trojans

From: Kent W. England [MVP] (kwe_at_mvps.org)
Date: 07/01/04


Date: Wed, 30 Jun 2004 17:18:54 -0700

Connie wrote:

> What is the difference between a virus and a trojan
> horse? I use AVG and Adware. I seldom have problems with
> viruses but I continually get pop ups advising me of
> trojans and to run AVG for Windows to remove. However,
> the pop ups continue. The latest one is called trojan
> horse downloader. VB.3.AF. Are these trojans harmful?
> Should I worry about them?

Most of the dangerous stuff going around now is what are called
"blended threats" because they don't fit the old categories of virus,
trojan, adware, spyware, etc., and because they use several mechanisms
to propagate and do their dirty business.

A common blended threat takes advantage of a Windows or IE vulnerability
to download a small piece of code and put it on the hard disk. This code
is known as a dropper because its job is to install another piece of
code (possibly after downloading it from the Internet or unpacking it
from its own file).

The code that is dropped might be a trojan. These trojans have no means
of propagating themselves (that is what the dropper does). Some trojans
are actually pirated commercial software for mass emailing. Others are
designed to hide themselves to avoid detection and removal.

On the other hand, there is a new IE exploit that puts executable code
in an image file that is transferred via a web server and executed by
IE. I don't know if you can call that a virus or not. Who cares?

It should be noted that all these new types of threats are causing the
anti-virus vendors to revamp their approach to their task. Most of them
are by no means up to the task of protecting your computer from blended
threats, network vulnerabilities and IE vulnerabilities. Most of them
have no means to detect any but the simplest of trojans. But they do
protect against a legacy of old threats, so AV is still essential. And
you can find some vendors that are trying very hard to expand their
software capabilities to protect your network connections and browser.

So you need to build a model in your mind of what these various threats
are and ask "Does this product protect me from email viruses? Does it
protect me from blended threats that sneak in via a network port or an
IE vulnerability? Does it protect my email previewer from executing bad
code? Does it watch for signs of trojan activity? Can it remove
difficult trojans or only detect them? Does it stop my browser from
changing the home and search pages without permission?"

-- 
Kent W. England, Microsoft MVP for Windows Security

